CVE-2018-18384
Description
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.223
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.7 | Windows |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-20ubuntu1.1_i386.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-20ubuntu1.1_amd64.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-21ubuntu1.1_i386.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-21ubuntu1.1_amd64.deb | Linux |
| SUSE-SU-2020:1796-1(SUSE Linux Enterprise Server 12-SP5) unzip-6.00-33.13.3.x86_64.rpm | Linux |
| SUSE-SU-2020:1796-1(SUSE Linux Enterprise Server 12-SP5) unzip-debuginfo-6.00-33.13.3.x86_64.rpm | Linux |
| SUSE-SU-2020:1796-1(SUSE Linux Enterprise Server 12-SP5) unzip-debugsource-6.00-33.13.3.x86_64.rpm | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-18384) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234